from the not-so-invincible dept

Once upon a time, the Dutch "anti-piracy" group BREIN seemed invincible, winning a number of copyright infringement cases. But recently, its winning streak has come to an end. Last week we reported on how BREIN's attempt to block access to The Pirate Bay had been thrown out, and now we have the following case, as reported by TorrentFreak:

A Dutch man who admitted uploading more than 5,000 e-books to The Pirate Bay has had his case dismissed on appeal. The court ruled that the man can't be prosecuted criminally as copyright infringement cases belong in a civil court. Anti-piracy group BREIN is disappointed, but still has the option to pursue the uploader in a civil action.

Even if BREIN wins that action, the appeal court's decision is a serious defeat for the organization. It means BREIN has failed in its attempt to extend the use of criminal courts to cases that do not involve a criminal organization and where the infringements are not carried out as business activities. Had BREIN been successful, that widening of scope would have had a major impact on the Dutch copyright enforcement landscape.

from the a-new-high-in-low dept

Here's how stupid legislation is assembled.

HOT BUTTON TOPIC + BRIEFLY CONCERNED LEGISLATOR - COMMON SENSE = A proposed amendment so brain dead, its author should be immediately hooked up to an EEG.

The "hot topic?" The form of recorded violence known colloquially as the "knockout game." Said "game" is played by a minimum of one willing participant and one unwilling participant. The goal is to knock out the unwilling participant with one punch, preferably while being recorded for posterity/evidence. Video is then uploaded to YouTube (or other services) for appreciation by those who like this sort of thing.

The legislator who apparently failed to consider the mind blowing amount of unintended consequences built into his legislation? South Carolina senator Vincent Sheheen.

"Section 16-1-65. (A) It is unlawful for a person to produce or create, or conspire to produce or create, a video or audio recording, digital electronic file, or other visual depiction or representation of a violent crime, as defined in Section 16-1-60 [violent crimes], during its commission. A person who violates the provisions of this subsection is guilty of a felony and, upon conviction, must be fined not less than five hundred dollars or more than five thousand dollars or imprisoned not more than five years, or both.

(B) A person who violates the provisions of subsection (A) and who publishes, or otherwise makes the video or audio recording, digital electronic file, or other visual depiction or representation available for public display is guilty of a separate offense and, upon conviction, must be fined not less than five hundred dollars or more than five thousand dollars or imprisoned not more than five years, or both.

(C) A person who knowingly aids in the commission of a violation of subsection (A) or (B) or is an accessory before or after the fact in commission of the violation of subsection (A) or (B) is guilty of a felony and must be punished in the same manner prescribed in subsection (A) or (B), as applicable.

(D) The provisions of subsection (A) and (B) do not apply to:

(1) viewing, photographing, videotaping, or filming by personnel of the Department of Corrections or of a county, municipal, or local jail or detention center or correctional facility for security purposes or during investigation of alleged misconduct by a person in the custody of the Department of Corrections or a county, municipal, or local jail or detention center or correctional facility;

(2) security surveillance in bona fide business establishments;

(3) accidental or incidental recordings;

(4) any official law enforcement activities;

(5) private detectives and investigators conducting surveillance in the ordinary course of business; or

(6) any bona fide news gathering activities."

So, an amendment aimed at hauling in participants in the "knockout game" (the person holding the camera) will now criminalize all sorts of recordings. Sheheen pitches it this way:

“Really this is another tool for law enforcement to use to make sure that somebody can't claim, 'Oh, I didn't commit that crime, I just videotaped it,' when in reality they were part of the problem in the first place."

Really, this is another tool for law enforcement to make sure that somebody can't record police misconduct or use of excessive force. Sure, the person recording didn't commit the crime being recorded, but they have now committed the crime of recording criminal activity. If a law can be twisted by bad cops to prevent or seize recordings of their dubious behavior, it very definitely will be.

So you see a robbery occurring, or the police illegally beating a citizen, and you videorecord it — you’ve now committed a felony, unless you can persuade a court it’s a “bona fide news gathering activit[y].” (The recording isn’t “accidental or incidental,” since you’re making it deliberately.) Or say your friend is being attacked, and you record the video to give to the police or to use in a civil suit; perhaps you even expected an attack, for instance if you’re going to a potentially violent demonstration or going past a place where thugs have routinely attacked people of some race, religion, or sexual orientation. That too is a felony.

And while one could interpret any citizen action aimed at gathering information as “bona fide news gathering activit[y],” that’s far from clear. It’s an argument I’d make as your defense lawyer, but it’s not an argument you can feel confident about if you’re deciding whether to make the recording. If the law is enacted, any suitably cautious South Carolinian would be well-advised just not to record any crime he sees, if he wants to avoid the risk of prison time.

Sheheen's amendment is ugly all over. While it makes exceptions for "bona fide business" surveillance, it makes no such exception for cameras mounted by private citizens to protect their own property. Someone breaks into your house and you've got the tape to prove it? Guess what: both you and the perp have violated the law.

Volokh points out the problems inherent in proving newsworthiness to prosecutors. The same uphill battle awaits those with accidental or incidental recordings. Try proving that negative in the courts while facing a zealous DA.

Not only does this criminalize citizens' recording (and citizen reporting -- bloggers aren't journalists, etc.) but it has the potential to curtail law enforcement efforts. Stupid people record their own criminal activity all the time but putting this law on the books may make them decide to leave the camera at home. Sure, they're already committing a crime, but why add additional months to the sentence? Why would someone purportedly trying to be tough on (a certain) crime want to discourage the generation of useful evidence?

This kneejerk amendment also overlooks the fact that many laws are already on the books for prosecuting camera-toting friends of assailants. Like aiding and abetting. Or conspiracy to commit a criminal act. There are ways to bring the "cinematographer" down without putting regular, law-abiding citizens at risk of violating an astronomically asinine law simply because they managed to capture evidence of criminal activity with their cell phone or personally-owned surveillance system.

Then there's this:

…or other visual depiction or representation of a violent crime…

Not only will it be criminal to record criminal activity, it will also be criminal to create a graphic novel depicting criminal acts, depict a criminal act in a play, movie, television show or YouTube video, or perform a classic Punch and Judy routine. "Visual depictions" of fake crime? Also a crime. Yes, these scenarios are blatantly ridiculous, but that's precisely what the law states. If Sheheen doesn't want people mocking his stupid amendment with scenarios no self-respecting law enforcement officer (and even some LEOs with no self-respect) would drop the hammer on, then he should have written his amendment less stupidly. Or not at all.

I now turn this over to the comment section, who should be able to top these "what if" scenarios in a heartbeat.

from the that's-not-good dept

You may have heard about the recent high-profile, malicious hack of Target's point of sale systems, giving the attackers access to the details of at least 40 million credit cards. Senator Patrick Leahy is, incredibly cynically, using this news event to try to sneak through a change to the "anti-hacking" law, the CFAA, which was used to prosecute Aaron Swartz and many others. And it's not a change to improve that law, but to broaden it, extending massively how the DOJ can charge just about anyone they want with serious computer crimes. This is monumentally bad, and Senator Leahy is trying to hide it behind a major news event because he knows he couldn't get this kind of DOJ wishlist through without hiding it.

Officially, this is Leahy reintroducing his Personal Data Privacy and Security Act -- a bill he's tried to introduce a number of times before. The crux of that bill makes some sense: requiring companies that have had a security breach to inform those who were impacted. State laws (most notably, California's) already include some similar requirements, but this is an attempt to create a federal law on that front. There are some reasonable concerns about such a law, but the general idea of better protecting the public from data breaches, by at least letting them know about it, is an idea worth considering.

The problem is that Leahy has inserted a couple of other dangerous bits and pieces into the bill, including a couple of "reforms" to the parts of the CFAA that have raised significant concerns, and burying them deep within this bill. Section 105 of the bill, for example, simply repeats the same change that the House Judiciary tried to include last year in an attempt at bad CFAA reform. It's basically part of the DOJ's wishlist, changing the CFAA to make you guilty of violating the law if you merely "conspire or attempt to commit" the offense, rather than if you actually do commit the offense. It may be difficult to understand if you just read the proposed bill (this is on purpose), but the bill says it wants to include the term "for the completed offense" so that the CFAA now reads:

Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.

Right now, the law does not include those four words. Why is that a big change? As we explained last year:

All they did was add the "for the completed offense," to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something ("conspires to commit") that violates the CFAA shall now be punished the same as if they had "completed" the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become.

While the proposed bill does include a further change that notes that merely violating a terms of service agreement does not make you subject to the CFAA, it's not just the TOS issue that concerns so many people about the CFAA.

The CFAA needs to be greatly scaled back, not expanded, no matter what the DOJ wants. It's ridiculous that Senator Leahy is not only proposing this, but then trying to hide it in this bill about security breach reporting, tying it to a news event.

from the for-tests-that-don't-even-work-well dept

Just a few weeks ago, we wrote about how the feds had been directly going after people who claimed to teach others how to pass lie detector tests, claiming that this was part of their war on stopping leakers and security vulnerabilities. What was chilling was that a US official specifically said that they needed to focus their investigative efforts on the people who protested the loudest, which seems like a clear attack on free speech. As we noted at the time, the feds had already filed criminal charges against two people for offering to teach others how to beat lie detector tests, and now one of them has been sentenced to eight months in jail -- for teaching people how to beat a test that many argue has never ever been accurate in the first place.

As we noted last time, TV shows like Mythbusters and Penn & Teller: Bullshit! have both more or less taught people the same thing. While the government sought an even longer sentence, this is still worrisome on a variety of levels. Merely instructing people how to beat an extremely faulty technology should never be a crime. The judge and the DOJ's statements on the case are just bizarre:

O’Grady acknowledged “the gray areas” between the constitutional right to discuss the techniques and the crime of teaching someone to lie while undergoing a government polygraph. “There’s nothing unlawful about maybe 95 percent of the business he conducted,” the judge said.

However, O’Grady added that “a sentence of incarceration is absolutely necessary to deter others.”

Deter others from what? From speaking out about how to trick incredibly unreliable technology that the government probably relies on too much already?

“This crime matters because what he did endangers others,” said Anthony Phillips, a prosecutor with the Justice Department’s division that pursues corrupt public officials.

No it didn't. It doesn't endanger others to show them that a lie detector is faulty and not reliable. What endangers people is the federal government relying on such a dreadful technology that's so easy to "beat."

In many ways, this is similar to discovering a massive security flaw and then blaming the messenger for showing others how that security is flawed. The proper response is to not use the flawed security. But that's not how the government operates, unfortunately.

from the really-now? dept

We know that some legacy players who rely too heavily on copyright law seem to react negatively to any discussion of unauthorized distribution of files, but a group of German book publishers have apparently taken this to the next level. As highlighted on TorrentFreak, they've resorted to filing criminal complaints against two news websites, Der Tagesspiegel and Zeit.de, for publishing an interview with the creators of a website called Boox.to, which offers up unauthorized downloads of ebooks. Again, this is not the unauthorized site itself they filed the complaint over, but rather news websites for daring to name the site in the interview that was done.

“With the direct and multiple naming of the Internet address the reader is immediately aware of the illicit supply of the website. With regard to objective journalistic reporting there was no need for direct nomination,” the publishers write in their complaint.

“The publication of the Website and its Internet address immediately enabled a broad mass of readers to become aware of the site. The reader is also indirectly encouraged to take advantage of the offer, taking advantage of the illegal site that has been highlighted by the play of the interview.”

Of course, this raises the obvious retort: if publishing an interview helps make a "broad mass" of people more "aware of the site," what do they think filing a really stupid and ridiculous lawsuit against these websites will do?

from the enforce-the-law? dept

You may recall that it came out last year that the New Zealand equivalent of the NSA, the GCSB, illegally spied on Kim Dotcom (oh, and dozens of others), possibly with the help of the NSA, despite not being allowed to spy on those in New Zealand.

An investigation by the police has agreed that the GCSB clearly broke the law... but the police have said that they don't plan to prosecute the spy agency. Because, you know, that might hold them accountable. Now, at least, the GCSB knows that it can abuse the law at will with no punishment.

Instead, it appears that the excuse being used by the police is the same one we've been hearing from NSA defenders: because these abuses weren't intentional, they can be ignored:

Today, Detective Superintendent Peter Read told a media conference that in spite of the GCSB committing one breach under the provisions of the Crimes Act, no criminal "intent" by the GCSB could be established.

I'm not sure that actually makes sense. Yes, when it comes to criminal activity, intent can be important in determining if it's actually criminal, but there's little doubt that the GCSB intentionally spied on Dotcom. It wouldn't have taken very much at all to recognize that Dotcom was a resident of New Zealand who GCSB is forbidden from surveilling. So it seems like the intent was pretty clear.

The new proposals have a clear intention: to amend the Criminal Code to allow criminal prosecutions of Websites that provide links. According to the leaked document it will be an offense to provide ordered listings and categorized links to protected content, developed for this purpose and involving an active and non-neutral maintenance and updating of those lists.

Interestingly, Google wouldn't be affected by the new law according to ADSL Zone, nor would "occasional links" be prosecuted. Of course, everything would then hinge on what "occasional" meant in this context.

There's also the following proposal:

Second, the paper seeks to limit the concept of private copying. This will require us to be in possession of the "original media". This is really incompatible with the current reality, since there are legal platforms like Spotify or iTunes where you do not have that "native support".

The concept of "original media" is meaningless in the digital realm, where files are copied many times as they traverse the Internet, or as people move them around on their storage media. How on earth would you prove that your digital copy was "original"?

Finally, there is a suggestion for making the copyright levy system not only worse, but in conflict with current EU plans to rationalize it:

no matter whether we copy or not, whether or not we have the "original media", the fee will be charged in any case.

In an age where storage media are becoming ubiquitous -- if Samsung's refrigerator is running Android, it must have storage -- such levies are anachronistic and harm innovation, so Spain's plans to push on with them is one more indicator that it's heading in the wrong direction. The big question, of course, is why it is doing this: is it simply the usual story of lobbyists' privileged access to government ministers who aren't interested in whether the new measures are fair or even effective? Or is this once more the heavy hand of America reaching across the water to put a little pressure on its Hispanic friends...?

from the only-if-you-don't-really-understand-stuff dept

We recently wrote about a series of cases where young computer hackers were either charged or threatened with criminal charges for doing things that don't seem particularly criminal at all. The NY Times now has a blog post on more or less the same subject, but focusing on the "fuzzy and shifting line between hacker and criminal." While it's good that more attention is getting paid to these kinds of questionable cases, I wonder if that framing is really accurate. I don't think there's a "line" -- fuzzy, shifting or not -- between "hacker" and "criminal." The two things are different. Can you be a criminal hacker? Sure. But the problem is that many non-techie folks seem to assume that any kind of hacking must be criminal. And that's the problem. It's not that some imaginary line is moving around, but that some people don't seem to understand that hacking itself is not criminal, and that there are plenty of good reasons to hack -- including to expose security holes.

from the a-string-of-failures dept

We've covered aseriesofembarrassingsetbacksfortheUS government'scaseagainstMegaupload over the past few months. It's a pretty stunning trail of errors by US officials who seemed to think that a scary story about a "bad man" would trump a lack of actual evidence or following legal procedure. While the case may hold up in the long run, it seems like everywhere you look there's evidence of highly questionable activity by the government.

The Frankfurt judges have since rejected this request, because it contains insufficient evidence. The US legal team failed to demonstrate that a web hosting service for the illegal upload of copyrighted files, amounts to a criminal offence.

According to the German 'Telemediengesetz' (communications legislation), a hosting service for foreign files will generally not be accountable unless the host had active knowledge of illegal activity. The judges also emphasised that the concept of knowledge is limited to positive knowledge. Therefore if the service provider believes that it is possible or likely that a specific piece of information is stored on their server, this is not sufficient evidence of knowledge of abuse.

According to the court ruling, there is no legal obligation to monitor the transmitted data or stored information or to search for any illegal activity.

Of course this was the same point that we raised the day that Megaupload was shut down. While it may be true that many Megaupload users have infringed on copyrights, there's a massive leap from that point to the idea that Megaupload is a criminal enterprise -- yet the US government's case basically skips over any details to make that leap. Thankfully cooler heads are recognizing that a significant amount of the US's case seems to be based on a fairy tale that US officials -- under the influence of Hollywood -- keep telling.

Tip to DOJ officials under the sway of Hollywood's version of the internet: remember, these people make their livings telling fairy tale stories. You know those opening credit lines about how something is "based on a true story"? Yeah, quite frequently the actual truth is a long way from what's shown. It seems that you may have been taken in by another such Hollywood "true" tale.

from the say-what-now? dept

In a horrifyingly bad ruling, the 6th Circuit appeals court has said that the owner of a prepaid phone has no 4th Amendment rights in protecting his location info from law enforcement. There have been a number of cases touching on this subject, with a few different rulings back and forth, including more than a few in the federal courts that argue tracking someone's location isn't a 4th Amendment violation. But, even if you grant that, this particular ruling is egregiously bad and poorly argued. The EFF highlights some of the more brain-numbing aspects of the ruling:

In what can only be described as a results-oriented opinion, the court found Skinner had no reasonable expectation of privacy in the cell phone location data because "if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal." Otherwise, "technology would help criminals but not the police." In other words, because cell phones can be used to commit crimes, there can't be any Fourth Amendment privacy rights in them. If this sounds like an over-simplistic description of the legal reasoning in an opinion we disagree with, the sad reality is that the court's conclusion really did boil down to this shallow understanding of the law.

Yes, you read that right. Basically, if you've broken the law, according to the court, you have no 4th Amendment rights. And, then it goes further, by basically noting, because anyone might be a criminal, we might as well remove all of their 4th Amendment rights as well, because doing so might help the police. Of course, this goes against the very basis of the 4th Amendment.

The story involves police tracking a guy accused of being a drug runner, via the GPS in his pre-paid phone, without getting a warrant. The guy, Melvin Skinner, pointed out that this violated his 4th Amendment rights, but, as noted above, the court disagreed.

The court proceeds through a series of lazy and underdeveloped analogies:

Otherwise dogs could not be used to track a fugitive if the fugitive did not know that the dog hounds had his scent. A getaway car could not be identified and followed based on the license plate number if the driver reasonably thought he had gotten away unseen. The recent number of cell phone technology does not change this. If it did, then technology would help criminals but not the police. It follows that Skinner had no expectation of privacy in the context of this case, just as the driver of a getaway car has no expectation of privacy in the particular combination of colors of the car’s paint.

But it does not follow at all. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection,” the Supreme Court explained in the seminal case of Katz v. United States, “But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.” Any member of the public can buy a dog and follow a scent. Any member of the public can view and copy down a license plate number. Any member of the public can view the external paint job of a car. But any member of the public cannot just track the GPS signal of a random cell phone—and if they could, most of us would be extremely wary about carrying cell phones. Unlike all these other examples, GPS tracking as employed here depends crucially on the ability of police to invoke state authority—a seemingly salient distinction the court fails to take any note of.

That's not all. The court seems equally confused about other cases, and both the EFF and Sanchez's link above details other mistakes concerning other case law. This isn't just a case of people having different interpretations. This seems like a clear case of a court not really bothering much with the details or the case law and just seeing one thing: this guy was a criminal and the GPS info was useful in finding him, therefore it must be okay. This is a very troubling precedent to have on the books no matter how you look at it.

And it will impact many Americans. While the focus in the ruling is on the "but he's a criminal!!!!" aspect, it applies across the board to pre-paid mobile phone users (well, at least those covered by the 6th Circuit). And that's about a quarter of mobile phone subscriptions. As the EFF put it, in an effort to make sure criminals get no privacy location privacy rights, the court has killed such rights for everyone else as well -- which is exactly the opposite of how our system is supposed to work.